Blog

Office 365 – The Perils of One Cloud Dependency

by Julian Martin - Vice President Product Marketing

Office 365 is becoming more and more popular with businesses. However, the reason for its success – one cloud for all things – is also its biggest weakness. What happens when Office 365 goes down?

Certainly Office 365 is not the only service to suffer outages, but when one service covers so many mission critical functions in the business it becomes more than a traditional business continuity issue.

Suffering from an Office 365 Outage? We'll Keep Your Business Running.
Suffering from an Office 365 Outage? We'll Keep Your Business Running.

For years IT teams have built disaster recovery plans and systems predicated on the belief that IT fails and you always need a plan B. Nothing changes in a cloud first world. Cloud services clearly fail and if you don’t have an independent continuity service, your email will be down until Office 365 gets it back up again. And you can’t control when that will happen. One hour. Five hours. Days.

So take a leaf out of the on-premises risk management handbook. Make Office 365 safer with the addition of an independent third-party continuity service.

Office 365 service outages will continue. Sometimes these will be very disruptive because they affect an entire region. Other occasions may only see some customers or group of employees affected. But outages do and will happen. It’s irrational to expect them not to happen.

Many of us now live in a cloud-first world. So the question to ask ourselves is – what will happen to me when Office 365 goes offline? Do I have a plan B?

For all its strengths, if you rely 100% on Office 365 for your email you are asking for trouble. It’s just a matter of time.

Find out more about how we can help keep your business running during an Office 365 outage here.

FILED IN

As employees around the world look forward to Friday and the imminent weekend, so it seems do the scammers, hackers and cyber-gangs. 

Research out from Cyren shows Friday is the peak distribution day for spam and malware, with almost 4x more malware than Mondays. The theory is that when employees take their laptops home over the weekend, they no longer benefit from the security measures put in place by their employers. Protection that only functions when behind a firewall on the company network.

Friday is the peak day for spam and malware.
Friday is the peak day for spam and malware.

Black Friday – the now global fraud phenomenon following Thanksgiving in the US – is set to be worse still, as vast numbers of employees begin their online festive shopping.

As employees click links in email, open attachments and surf the web unprotected via public unsecured Wi-Fi or their home network, they allow malware onto their machines that can then make its way onto the wider corporate network when they logon on Monday.

By then it could even be too late. With the mean time-to-click on a phishing email being 1 minute 22 seconds according the latest Verizon Data Breach Investigations Report, an attack could have already been successfully executed before the weekend is even over. Employees may have already had their credentials harvested, or been duped into giving away other valuable IP or data for sale or extortion.

So how can cybersecurity pros overcome the challenge of Monday morning security alerts and attack containment? With the right security measures in place, organizations can ensure that laptops along with tablets, cell phones and other devices, are protected both on and off the network. With 95% of breaches starting with an email-based phishing attack, ensuring appropriate email security is in place is a logical place to start.

So what kind of protection is needed? Cloud-based email security provides the most up-to-date defense against constantly changing threats. It allows protection to follow the employee across all devices no matter where they connect or access work email.

Email-borne attacks typically use malicious URLs or weaponized attachments to deliver their malware payload, so protecting both these vectors is key. Link rewriting with real-time, on-click analysis is the best form of defense against links that point to malicious web content. A system should always rewrite all inbound links and check the destination site every time the link is clicked to protect against delayed exploits.

Weaponized attachment-based attacks are best halted by the latest cloud-based sandboxing technology that delivers deep inspection of files. The sandbox must also be able to detect the sophisticated evasion techniques increasingly used to try and bypass sandboxes.

There’s another option here too in the form of attachment transcription to a safe file format. For example, a Microsoft Word document with a malicious macro is converted to a safe PDF format, a process that removes the malicious code. This alternative to traditional sandboxing means emails and files are delivered to recipients without the typical delay of a sandbox, and is arguably a more thorough process that is not susceptible to evasion.

Email-based security protection should be paired with web security to extend reach beyond email too.

Cybercriminals that write and distribute malware work and operate like businesses too, ‘shipping’ their code before they pack up for the weekend and watch employees fall victim to their exploits. By taking precautions like those we’ve described, and continuing to make employees more vigilant and aware of what to look out for, your organization will be better protected against potential ‘weekend weaknesses’.

You can learn more about advanced email attacks in our recent whitepaper: Countdown to Compromise: The Timeline of a Spear-Phishing Attack.

Find out more about Mimecast Email Security with Targeted Threat Protection against both URL and attachment based attacks on our website.

FILED IN

Email is in the frontline in the war on cybercrime. It is often the primary access point to the outside world and brimming with valuable data, so protecting it has never been more important.

Organizations have traditionally looked to the IT channel to support their email needs. The vast majority have been Microsoft partners selling and supporting on-premises Exchange. (Radicati data on Microsoft’s reach)


Today the cloud is heralding a new opportunity for all channel resellers to become the prime risk management partners for their customers.

This is why we’re particularly pleased to have won Security Vendor of the Year in the CRN Channel Awards 2015. Judges remarked on the powerful statistics and favourable personal testimonials from our partners.

Yet the channel market is set for more upheavals amid the race to the cloud.

Office 365 adoption is growing rapidly and we predict greater consolidation as Microsoft begins to squeeze the margins on each mailbox.

But the reality is that most organizations need a great deal of advice and support to adopt cloud services. Selling complementary cloud products, training or building additional managed services, particularly around security, are great ways to add value.

I’d also like to congratulate our partners who were also successful in the CRN awards:

MANAGED SERVICES PROVIDER OF THE YEAR

  • Winner: SCC

CORPORATE VAR OF THE YEAR

  • Judges’ Commended: Bytes

INDUSTRY ACHIEVEMENT AWARD

  • Winner: Phil Doye, CEO, Kelway

FILED IN

Secure Archiving Needs a Long-term Strategy

by Julian Martin - Vice President Product Marketing

Yet again, another vendor has given up on its commitment to its customers’ email security and archiving. Just as Webroot and Google had done previously, Intel Security recently announced the end of life of its McAfee SaaS Email Protection and Archiving service. Former MXLogic customers are left with the risk of losing their security protection if they don’t act quickly.

Meanwhile, at this week’s Symposium, Gartner's SVP & Global Head of Research Peter Sondergaard predicted that the typical technology organization will spend up to 30% of its budget on risk, security & compliance by 2017. With cyber risks on the rise, there’s never been a better time to review your long-term archiving and security strategy.

It’s fair to say that it is relatively easy to swap out a security gateway service but archiving is definitely a long-term bet. Data volumes are skyrocketing and organizations should be concerned around the cost and pain of migrating terabytes of critical data out of a defunct system in future. Short-term cost saving and poor vendor selection today could mean you’re left high and dry in years to come.

 At Mimecast we have a track record of helping customers migrate away from end-of-life email services, providing on-going support and a regular stream of new products and service updates.

The Google Postini EOL announcement brought many organizations to Mimecast, at first for security but eventually customers ended up with so much more. One example is Au Bon Pain who first came to Mimecast with a security requirement but then added archiving and our email continuity service. They were so pleased, they offered to do a case study on Mimecast about their experience. 

 Archiving in 2015 means going beyond just storing customer emails and attachments safely. We believe that providing employees with rapid access to this critical data, wherever they are, is equally as important. Meanwhile, a host of new advanced and targeted email threats need to be kept at bay.

Securing email and archiving means making a long-term commitment. We take that very seriously indeed and it is our business – nothing distracts us from that. Whether your primary emails are on-premises or in the cloud, you need to carefully evaluate your options today and determine who’s best placed for the future.

FILED IN